  • fariasF

    Conclusion:

    IN REJECT -source 185.177.72.0/24 -p tcp -log notice # CCBot France
    

  • fariasF

    Via: https://community-scripts.github.io/ProxmoxVE/scripts?id=mqtt

    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/mqtt.sh)"
    



    Locally:

    ⚙️ Using Default Settings on node balkany
    🆔 Container ID: 112
    🖥️ Operating System: debian (13)
    📦 Container Type: Unprivileged
    💾 Disk Size: 2 GB
    🧠 CPU Cores: 1
    🛠️ RAM Size: 512 MiB
    🚀 Creating a MQTT LXC using the above default settings
    ✔️ Storage local (Free: 51.5GB Used: 35.7GB) [Template]
    ✔️ Storage datastore2 (Free: 801.6GB Used: 3.0TB) [Container]
    ✔️ Template debian-13-standard_13.1-2_amd64.tar.zst [online]
    💡 Template debian-13-standard_13.1-2_amd64.tar.zst is missing or corrupted. Re-downloading.
    ✔️ Template download successful.
    ✔️ LXC Container 112 was successfully created.
    ✔️ Started LXC Container
    ✔️ Network in LXC is reachable (ping)
    ⠴ Customizing LXC Containerbash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory
    ⠸ Customizing LXC Containerbash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory
    ✔️ Customized LXC Container
    ✔️ Set up Container OS
    ✔️ Network Connected: 192.168.1.56
    ✔️ IPv4 Internet Connected
    ✔️ IPv6 Internet Connected
    ✔️ Git DNS: github.com:(✔️ ) raw.githubusercontent.com:(✔️ ) api.github.com:(✔️ ) git.community-scripts.org:(✔️ )
    ✔️ Updated Container OS
    ✔️ Installed Mosquitto MQTT Broker
    ✔️ Customized Container
    ✔️ Cleaned
    ✔️ Completed Successfully!
    🚀 MQTT setup has been successfully initialized!
    💡 Access it using the following IP:
    🌐 192.168.1.56:1883
  • fariasF

    Creating a /var/www/html/robots.txt file

    User-agent: GPTBot
    Disallow: /
    User-agent: ChatGPT-User
    Disallow: /
    User-agent: Google-Extended
    Disallow: /
    User-agent: PerplexityBot
    Disallow: /
    User-agent: Amazonbot
    Disallow: /
    User-agent: ClaudeBot
    Disallow: /
    User-agent: Omgilibot
    Disallow: /
    User-Agent: FacebookBot
    Disallow: /
    User-Agent: Applebot
    Disallow: /
    User-agent: anthropic-ai
    Disallow: /
    User-agent: Bytespider
    Disallow: /
    User-agent: Claude-Web
    Disallow: /
    User-agent: Diffbot
    Disallow: /
    User-agent: ImagesiftBot
    Disallow: /
    User-agent: Omgilibot
    Disallow: /
    User-agent: Omgili
    Disallow: /
    User-agent: YouBot
    Disallow: /
    

    Added to my apache2 config:

    <Location "/robots.txt">
     SetHandler None
     Require all granted
    </Location>
    Alias /robots.txt /var/www/html/robots.txt
    

    Misery.

    # grep "robots.txt" /var/log/apache2/access*.log | awk '{print $12}' | sort -n | uniq -c
          2 "-"
          3 "caveman-hunter/0.0.0
       2367 "CCBot"
          3 "facebookexternalhit/1.1
          2 "FediDB/0.5.0;
          4 "FediIndex/1.0
          1 "Go-http-client/1.1"
          1 "Mastodon/4.6.0-nightly.2025-11-06
          1 "Minoru's
         80 "Mozilla/5.0
          6 "Mozilla/5.0"
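A way to check whether the crawlers listed in that robots.txt actually honour it, as an added example (editor's code, not from the post): it parses Apache combined-format lines together with the robots.txt groups and reports, per user-agent, how many requests hit a path that file disallows for that agent. The log lines and the shortened robots.txt below are constructed. One caveat worth knowing: the standard library's urllib.robotparser compares only the first product token of the user-agent (the part before the first "/"), so a crawler announcing itself as "Mozilla/5.0 (compatible; GPTBot/1.2; ...)" would never match its own group; the matcher here searches the whole user-agent string instead.

```python
"""Which crawlers fetched robots.txt, and which ones then ignored it?

Added example, not part of the original post. Log lines and robots.txt
content below are constructed for illustration.
"""
import re
from collections import defaultdict

# Apache combined log format:
# ip - - [date] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Shortened version of the robots.txt above, plus a catch-all group (constructed).
ROBOTS_TXT = """\
User-agent: GPTBot
Disallow: /
User-agent: ClaudeBot
Disallow: /
User-agent: CCBot
Disallow: /
User-agent: *
Disallow: /private/
"""

# Constructed user-agents; the "Mozilla/5.0 (compatible; ...)" shape is how real bots present themselves.
UA_CCBOT = "CCBot/2.0 (https://commoncrawl.org/faq/)"
UA_GPTBOT = "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)"
UA_FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
UA_GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def _line(ip, path, ua):
    # Constructed combined-format line (status/size/referer are filler).
    return f'{ip} - - [06/Nov/2025:10:00:00 +0100] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


SAMPLE_LOG = [
    _line("203.0.113.5", "/robots.txt", UA_CCBOT),
    _line("203.0.113.5", "/blog/post-1", UA_CCBOT),
    _line("203.0.113.5", "/blog/post-2", UA_CCBOT),
    _line("198.51.100.7", "/robots.txt", UA_GPTBOT),
    _line("198.51.100.7", "/about", UA_GPTBOT),
    _line("192.0.2.9", "/private/report.pdf", UA_FIREFOX),
    _line("192.0.2.10", "/robots.txt", UA_GOOGLEBOT),
    _line("192.0.2.10", "/blog/post-1", UA_GOOGLEBOT),
]


def parse_robots(text):
    """Return [(agent_names, rules)] where rules are (allowed, path_prefix) tuples."""
    groups, agents, rules = [], [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (s.strip() for s in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if rules:                      # rules already seen: this User-agent opens a new group
                groups.append((agents, rules))
                agents, rules = [], []
            agents.append(value.lower())
        elif field in ("allow", "disallow") and agents and value:
            rules.append((field == "allow", value))   # empty "Disallow:" means no restriction
    if agents:
        groups.append((agents, rules))
    return groups


def matching_group(groups, user_agent):
    """Case-insensitive substring match of the group name anywhere in the UA; '*' is the fallback."""
    ua = user_agent.lower()
    star = None
    for agents, rules in groups:
        for name in agents:
            if name == "*":
                star = rules
            elif name in ua:
                return rules
    return star


def is_allowed(groups, user_agent, path):
    """Longest-prefix match over the group's rules; ties prefer Allow; no rule means allowed."""
    rules = matching_group(groups, user_agent)
    if not rules:
        return True
    best = None
    for allowed, prefix in rules:
        if path.startswith(prefix) and (
            best is None or len(prefix) > len(best[1]) or (len(prefix) == len(best[1]) and allowed)
        ):
            best = (allowed, prefix)
    return True if best is None else best[0]


def audit(log_lines, robots_text):
    """Per user-agent: request count, whether robots.txt was fetched, and disallowed paths fetched."""
    groups = parse_robots(robots_text)
    stats = defaultdict(lambda: {"requests": 0, "fetched_robots": False, "violations": 0})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # malformed line: skip rather than abort the whole run
        path, ua = m.group("path"), m.group("ua")
        stats[ua]["requests"] += 1
        if path == "/robots.txt":
            stats[ua]["fetched_robots"] = True
        elif not is_allowed(groups, ua, path):
            stats[ua]["violations"] += 1
    return dict(stats)


def violators(stats):
    """User-agents that fetched at least one path their robots.txt group disallows."""
    return sorted(ua for ua, s in stats.items() if s["violations"] > 0)


if __name__ == "__main__":
    for ua, s in audit(SAMPLE_LOG, ROBOTS_TXT).items():
        print(f'{s["requests"]:4d} req  robots={s["fetched_robots"]!s:5}  violations={s["violations"]}  {ua}')
```

robots.txt is advisory: a crawler that reads it and still shows up in the violations column is the one to REJECT at the firewall, which is what the conclusion post at the top of the thread does for CCBot.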
  • F

    Download:

    # git clone https://github.com/raboof/nethogs
    Cloning into 'nethogs'...
    remote: Enumerating objects: 1888, done.
    remote: Counting objects: 100% (276/276), done.
    remote: Compressing objects: 100% (71/71), done.
    remote: Total 1888 (delta 230), reused 205 (delta 205), pack-reused 1612 (from 1)
    Receiving objects: 100% (1888/1888), 1.53 MiB | 6.39 MiB/s, done.
    Resolving deltas: 100% (1245/1245), done.
    
    # apt-get install libpcap-dev
    
    # make
    
    # make install
    
    # ldd src/nethogs
            linux-vdso.so.1 (0x00007ffde5ee4000)
            libpcap.so.0.8 => /lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f5feedff000)
            libncurses.so.6 => /lib/x86_64-linux-gnu/libncurses.so.6 (0x00007f5feedd7000)
            libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f5feeda5000)
            libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f5feeb79000)
            libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f5feeb59000)
            libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f5fee92e000)
            libdbus-1.so.3 => /lib/x86_64-linux-gnu/libdbus-1.so.3 (0x00007f5fee8e0000)
            libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f5fee7f9000)
            /lib64/ld-linux-x86-64.so.2 (0x00007f5feee7b000)
            libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f5fee732000)
            liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f5fee707000)
            libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f5fee636000)
            liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f5fee616000)
            libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007f5fee60b000)
            libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f5fee4cd000)
            libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f5fee4a7000)
    
    # elf-arch src/nethogs
    amd64
    

    See: https://xtom.com/blog/what-is-nethogs-and-how-to-monitor-network-traffic/
  • fariasF

    My cluster.fw file is huge:

    # wc -l /etc/pve/firewall/cluster.fw 
    8599 /etc/pve/firewall/cluster.fw
    

    I don't know what the limit is … I'm thinking of making it public.


    Still no crash …

    # wc -l /etc/pve/firewall/cluster.fw
    10288 /etc/pve/firewall/cluster.fw
    # grep "# CCBot" /etc/pve/firewall/cluster.fw > iptables-CCbot.txt
    # wc -l iptables-CCbot.txt
    8994 iptables-CCbot.txt

    The bulk of it is CCBot pollution (Brazil, Argentina, Vietnam, …)
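One way to stop cluster.fw growing by one line per blocked host, as an added example (editor's code, not from the post): collapse the reject list into the fewest covering prefixes with ipaddress.collapse_addresses and emit them as a Proxmox IPSET referenced by a single rule, in the same REJECT / -log notice form as the CCBot rule earlier in the thread. The set name ccbot and the sample ranges are assumptions; the rule form is the one from the conclusion post.

```python
"""Compact a flat IP/CIDR reject list into a Proxmox cluster.fw IPSET plus one rule.

Added example, not from the original post. The IPSET name and the sample
ranges are assumptions chosen for illustration.
"""
import ipaddress

# Constructed sample: single hosts, nested and adjacent prefixes, IPv4 and IPv6,
# with the same trailing "# comment" style as the author's rules.
SAMPLE_REJECT = """\
185.177.72.0/24 # CCBot France
185.177.72.17
185.177.73.0/24
203.0.113.0/25
203.0.113.128/25
198.51.100.4
198.51.100.5
198.51.100.6
198.51.100.7
2001:db8::/48
2001:db8:1::/48
"""


def parse_networks(text):
    """Accept 'ip' or 'ip/len' with optional '# comment'; fail loudly on anything else."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))   # bare host -> /32 or /128
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from None
    return nets


def collapse(nets):
    """Merge overlapping and adjacent prefixes. Address families must be collapsed separately
    because collapse_addresses refuses a mixed v4/v6 iterable."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def render_cluster_fw(nets, ipset="ccbot", comment="CCBot"):
    """[IPSET name] section with one prefix per line, then a single rule using '+name'."""
    lines = [f"[IPSET {ipset}]"]
    lines += [str(n) for n in nets]
    lines += ["", "[RULES]", f"IN REJECT -source +{ipset} -p tcp -log notice # {comment}"]
    return "\n".join(lines) + "\n"


def build(text, ipset="ccbot", comment="CCBot"):
    """Full pipeline: parse, collapse, render. Returns the cluster.fw fragment as a string."""
    return render_cluster_fw(collapse(parse_networks(text)), ipset, comment)


if __name__ == "__main__":
    print(build(SAMPLE_REJECT))
```

The eleven sample entries collapse to four prefixes. Collapsing is lossless only in the sense that every listed address stays blocked; it never blocks an address that was not in the input, because collapse_addresses merges only exact supernets of adjacent halves.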
  • fariasF

    See https://git.cyber-neurones.org/farias/BlocageDeDataforseo-bot

    It did get through:

    # grep "DataForSeoBot" /var/log/apache2/access.*.log | wc -l
    8959
    

  • fariasF

    See: https://git.cyber-neurones.org/farias/iptablesApache2/src/branch/main/reject.txt

    $ sudo apt-get install geoip-bin geoip-database
    $ cat reject.txt | xargs -n 1 | ipinfo prips > full-reject.txt
    $ wc -l full-reject.txt 
    78792204 full-reject.txt
    $ cat full-reject.txt | xargs -n 1 geoiplookup { } | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
          1 AO, Angola
          1 BE, Belgium
          1 BN, Brunei Darussalam
          1 can't resolve hostname ( 2606:4700:3037::ac43:cc71 )
          1 CI, Cote D'Ivoire
          1 GH, Ghana
          1 HR, Croatia
          1 JM, Jamaica
          1 LT, Lithuania
          1 LV, Latvia
          1 MD, Moldova, Republic of
          1 MM, Myanmar
          1 MN, Mongolia
          1 NG, Nigeria
          1 PT, Portugal
          1 SA, Saudi Arabia
          1 SI, Slovenia
          1 SO, Somalia
          1 SY, Syrian Arab Republic
          1 UG, Uganda
          1 GeoIP Country V6 Edition: can't resolve hostname ( 2606:4700:3037::ac43:cc71 )
          2 GE, Georgia
          2 KN, Saint Kitts and Nevis
          2 MK, Macedonia
          2 PR, Puerto Rico
          2 SK, Slovakia
          3 CY, Cyprus
          3 ET, Ethiopia
          3 HU, Hungary
          3 KG, Kyrgyzstan
          3 MC, Monaco
          3 MU, Mauritius
          3 QA, Qatar
          3 SN, Senegal
          3 SV, El Salvador
          4 AL, Albania
          4 AM, Armenia
          4 GA, Gabon
          4 JO, Jordan
          4 LB, Lebanon
          4 OM, Oman
          4 TT, Trinidad and Tobago
          5 BW, Botswana
          9 BA, Bosnia and Herzegovina
          9 CZ, Czech Republic
         10 KW, Kuwait
         11 DZ, Algeria
         12 BO, Bolivia
         12 GT, Guatemala
         16 IS, Iceland
         18 AZ, Azerbaijan
         20 UZ, Uzbekistan
         27 TN, Tunisia
         34 AT, Austria
         34 EE, Estonia
         37 IQ, Iraq
         39 EG, Egypt
         40 UY, Uruguay
         42 MA, Morocco
        258 AP, Asia/Pacific Region
        258 EU, Europe
        260 PA, Panama
        260 TR, Turkey
        261 CR, Costa Rica
        265 RS, Serbia
        267 KZ, Kazakhstan
        270 KE, Kenya
        513 FI, Finland
        513 NI, Nicaragua
        770 PL, Poland
        770 RO, Romania
       1024 PF, French Polynesia
       1026 PS, Palestinian Territory
       1027 SC, Seychelles
       1036 BG, Bulgaria
       1040 KP, Korea, Democratic People's Republic of
       1125 IL, Israel
       1341 PE, Peru
       1972 NL, Netherlands
       2048 VU, Vanuatu
       2050 KH, Cambodia
       2058 HN, Honduras
       2848 VE, Venezuela
       2941 CH, Switzerland
       3095 IP Address not found
       3140 CL, Chile
       3239 ZA, South Africa
       3432 BH, Bahrain
       3608 DO, Dominican Republic
       3663 PY, Paraguay
       3696 CO, Colombia
       3891 UA, Ukraine
       4162 NZ, New Zealand
       8192 FJ, Fiji
       8195 LK, Sri Lanka
      11264 NC, New Caledonia
      13849 PK, Pakistan
      16384 MO, Macau
      17785 SE, Sweden
      19555 ES, Spain
      24887 AR, Argentina
      34823 NP, Nepal
      35697 BD, Bangladesh
      67514 EC, Ecuador
      67840 TH, Thailand
      68776 IT, Italy
      78941 MX, Mexico
      81409 PH, Philippines
     101737 ID, Indonesia
     113413 TW, Taiwan
     133730 AE, United Arab Emirates
     170330 MY, Malaysia
     285170 FR, France
     526851 BY, Belarus
     538991 CA, Canada
     671345 HK, Hong Kong
     697025 IN, India
    1340962 KR, Korea, Republic of
    1344984 GB, United Kingdom
    1416874 AU, Australia
    1450519 IR, Iran, Islamic Republic of
    1481058 BR, Brazil
    1922796 SG, Singapore
    2180768 RU, Russian Federation
    3433168 DE, Germany
    4220007 IE, Ireland
    4266170 JP, Japan
    7136014 VN, Vietnam
   13160884 CN, China
   31585710 US, United States
    
  • fariasF

    So I blocked as many IPs as I could from Tencent Cloud Computing (Beijing) Co., Ltd.

    The attacks are of the type: “GET /_app/immutable/chunks/*.js”


  • fariasF
    # grep "^217.154.8.114 " /var/log/apache2/access.*.log  | awk '{print $6 " " $7 " " $8}'
    "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1"
    "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1"
    "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
    "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
    "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1"
    "GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1"
    "GET /public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1"
    "GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php HTTP/1.1"
    "GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1"
    "GET /containers/json HTTP/1.1"
    

    But also:

    # grep "^217.154.8.45 " /var/log/apache2/access.*.log | awk '{print $6 " " $7 " " $8}'
    "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1"
    "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1"
    "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
    "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
    "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1"
    "GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1"
    "GET /public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1"
    "GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php HTTP/1.1"
    "GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1"
    "GET /containers/json HTTP/1.1"
  • fariasF

    There ought to be a GUI for the firewall logs:

    # du -sh /var/log/pve-firewall.log*
    5.5M	/var/log/pve-firewall.log
    9.8M	/var/log/pve-firewall.log.1
    400K	/var/log/pve-firewall.log.2.gz
    456K	/var/log/pve-firewall.log.3.gz
    324K	/var/log/pve-firewall.log.4.gz
    308K	/var/log/pve-firewall.log.5.gz
    336K	/var/log/pve-firewall.log.6.gz
    124K	/var/log/pve-firewall.log.7.gz
    # cat /var/log/pve-firewall.log | grep "GROUP-attack" | wc -l
    158
    

    Huawei ahead of ccbot:

    # cat /var/log/pve-firewall.log | awk '{print $3}' | sort -n | uniq -c
        867 GROUP-attack-IN
        721 GROUP-attackmail-IN
       3452 GROUP-ccbot-IN
         12 GROUP-honeypot-IN
       6027 GROUP-huawei-IN
         47 GROUP-russian-IN
  • fariasF
    # grep "/tiny.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort | uniq -c
          2 5.3.93.2
          1 81.200.17.146
          2 81.23.155.170
          2 87.239.27.150
          2 87.249.25.140
          2 91.232.39.23
          1 93.124.97.231
    

    Scan on chosen.php:

    # grep "/chosen.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort | uniq -c
          2 5.188.167.226
          2 89.21.132.85
          2 95.165.10.241
  • fariasF

    The agent is: python-httpx/0.28.1

    19/Oct/2025:00:01:29
    21/Oct/2025:19:27:16
    25/Oct/2025:02:11:56

    It does “GET /_app/immutable/” …

    # zgrep "GET /_app/immutable/chunks" //var/log/apache2/access.photo-ssl.log*gz | grep "python-httpx/0.28.1" | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c
         10 84.20.18.75
         10 192.159.99.155
         30 196.251.69.173
  • fariasF
    # grep "^63.177.94.5 " /var/log/apache2/access.*.log  | awk '{print $6 " " $7 " " $8}'
    "GET / HTTP/1.1"
    "GET / HTTP/1.1"
    "GET /manual HTTP/1.1"
    "GET /.env HTTP/1.1"
    "GET /phpinfo HTTP/1.1"
    "GET /phpinfo.php HTTP/1.1"
    "GET /portal/.env HTTP/1.1"
    "GET /env/.env HTTP/1.1"
    "GET /api/.env HTTP/1.1"
    "GET /app/.env HTTP/1.1"
    "GET /dev/.env HTTP/1.1"
    "GET /new/.env HTTP/1.1"
    "GET /new/.env.local HTTP/1.1"
    "GET /new/.env.production HTTP/1.1"
    "GET /new/.env.staging HTTP/1.1"
    "GET /_phpinfo.php HTTP/1.1"
    "GET /_profiler/phpinfo HTTP/1.1"
    "GET /_profiler/phpinfo/info.php HTTP/1.1"
    "GET /_profiler/phpinfo/phpinfo.php HTTP/1.1"
    "GET /wp-config HTTP/1.1"
    "GET /aws-secret.yaml HTTP/1.1"
    "GET /awstats/.env HTTP/1.1"
    "GET /conf/.env HTTP/1.1"
    "GET /cron/.env HTTP/1.1"
    "GET /www/.env HTTP/1.1"
    "GET /docker/.env HTTP/1.1"
    "GET /docker/app/.env HTTP/1.1"
    "GET /env.backup HTTP/1.1"
    "GET /xampp/phpinfo.php HTTP/1.1"
    "GET /lara/info.php HTTP/1.1"
    "GET /lara/phpinfo.php HTTP/1.1"
    "GET /laravel/info.php HTTP/1.1"
    "GET /.vscode/.env HTTP/1.1"
    "GET /js/.env HTTP/1.1"
    "GET /laravel/.env HTTP/1.1"
    "GET /laravel/core/.env HTTP/1.1"
    "GET /mail/.env HTTP/1.1"
    "GET /mailer/.env HTTP/1.1"
    "GET /nginx/.env HTTP/1.1"
    "GET /public/.env HTTP/1.1"
    "GET /site/.env HTTP/1.1"
    "GET /xampp/.env HTTP/1.1"
    "GET /main/.env HTTP/1.1"
    "GET /node_modules/.env HTTP/1.1"
    "GET /kyc/.env HTTP/1.1"
    "GET /admin/.env HTTP/1.1"
    "GET /prod/.env HTTP/1.1"
    "GET /.env.bak HTTP/1.1"
    "GET /api/shared/config/config.env HTTP/1.1"
    "GET /api/shared/config.env HTTP/1.1"
    "GET /config.env HTTP/1.1"
    "GET /website/.env HTTP/1.1"
    "GET /development/.env HTTP/1.1"
    "GET /backend/.env HTTP/1.1"
    "GET /api/shared/config/.env HTTP/1.1"
    "GET /api/shared/.env HTTP/1.1"
    "GET /api/config.env HTTP/1.1"
    "GET /service/email_service.py HTTP/1.1"
    "GET /node/.env_example HTTP/1.1"
    "GET /.env.production.local HTTP/1.1"
    "GET /.env.local HTTP/1.1"
    "GET /.env.example HTTP/1.1"
    "GET /.env.stage HTTP/1.1"
    "GET /server/config/database.js HTTP/1.1"
    "GET /.env.old HTTP/1.1"
    "GET /.env_sample HTTP/1.1"
    "GET /scripts/nodemailer.js HTTP/1.1"
    "GET /.env.prod HTTP/1.1"
    "GET /crm/.env HTTP/1.1"
    "GET /local/.env HTTP/1.1"
    "GET /core/.env HTTP/1.1"
    "GET /apps/.env HTTP/1.1"
    "GET /application/.env HTTP/1.1"
    "GET /web/.env HTTP/1.1"
    "GET /.aws/credentials HTTP/1.1"
    "GET /wp-config.php.bak HTTP/1.1"
    "GET /info.php HTTP/1.1"
    "GET /dashboard/phpinfo.php HTTP/1.1"
    "GET /static/js/main.141b0494.js HTTP/1.1"
    "GET /static/js/2.ca066a4b.chunk.js HTTP/1.1"
    "GET /static/js/main.e85f7a37.js HTTP/1.1"
    "GET /admin/server_info.php HTTP/1.1"
    "GET /server_info.php HTTP/1.1"
    "GET /app_dev.php/_profiler/phpinfo HTTP/1.1"
    "GET /test.php HTTP/1.1"
    "GET /server-info HTTP/1.1"
    "GET /server-info.php HTTP/1.1"
    "GET /secured/phpinfo.php HTTP/1.1"
    "GET /config.js HTTP/1.1"
    "GET /server.js HTTP/1.1"
    "GET /appsettings.json HTTP/1.1"
    "GET /shared/config/config.js HTTP/1.1"
    "GET /config/aws.yml HTTP/1.1"
    "GET /settings.py HTTP/1.1"
    "GET /config.json HTTP/1.1"
    "GET /main.js HTTP/1.1"
    "GET /config/constants.js HTTP/1.1"
    "GET /application.properties HTTP/1.1"
    "GET /public/js/main.js HTTP/1.1"
    "GET /js/main.js HTTP/1.1"
    "GET /?phpinfo=1 HTTP/1.1"
    "GET /storage/logs/laravel.log HTTP/1.1"
    "GET /karma.conf.json HTTP/1.1"
    "GET /swagger.json HTTP/1.1"
    "GET /swagger.js HTTP/1.1"
    "GET /gatsby-config.js HTTP/1.1"
    "GET /backend/config/default.yml HTTP/1.1"
    "GET /app.py HTTP/1.1"
    "GET /admin/controllers/merchant.js HTTP/1.1"
    "GET /admin/controllers/partner.js HTTP/1.1"
    "GET /api/config.js HTTP/1.1"
    "GET /api/objects/codes.php.save HTTP/1.1"
    "GET /apis/config/config.js HTTP/1.1"
    "GET /apis/controllers/users.js HTTP/1.1"
    
    

  • fariasF

    I hadn't noticed the Russian ranges … https://ipinfo.io/ips/88.214.0.0/16

    # grep "^88.214.50.101 " /var/log/apache2/access.*.log  | awk '{print $6 " " $7 " " $8}'
    "GET / HTTP/1.1"
    "GET /.env.dev.local HTTP/1.1"
    "GET /tsconfig.spec.json HTTP/1.1"
    "GET /public/.env HTTP/1.1"
    "GET /?pp=enable&pp=env HTTP/1.1"
    "GET /.envs HTTP/1.1"
    "GET /?pp=env&pp=env HTTP/1.1"
    "GET /appsettings.Staging.json HTTP/1.1"
    "GET /.env.stage HTTP/1.1"
    "GET /config/production.json HTTP/1.1"
    "GET /application/.env HTTP/1.1"
    "GET /config/settings.json HTTP/1.1"
    "GET /application/config/doctypes.php HTTP/1.1"
    "GET /.env.config HTTP/1.1"
    "GET /admin-app/.env HTTP/1.1"
    "GET /appsettings.Production.json HTTP/1.1"
    "GET /config/app_local.php HTTP/1.1"
    "GET /app/etc/env.php HTTP/1.1"
    "GET /.vscode/.env HTTP/1.1"
    "GET /.env.travis HTTP/1.1"
    "GET /.env.bak HTTP/1.1"
    "GET /.env.production HTTP/1.1"
    "GET /config/default.json HTTP/1.1"
    "GET /application/config/routes.php HTTP/1.1"
    "GET /.env.development.local HTTP/1.1"
    "GET /appsettings.QA.json HTTP/1.1"
    "GET /application/config/foreign_chars.php HTTP/1.1"
    "GET /laravel/core/.env HTTP/1.1"
    "GET /laravel/.env HTTP/1.1"
    "GET /manifest.json HTTP/1.1"
    "GET /appsettings.Development.json HTTP/1.1"
    "GET /application/config/constants.php HTTP/1.1"
    "GET /config/cli_bootstrap.php HTTP/1.1"
    "GET /config/test.json HTTP/1.1"
    "GET /app/etc/env.local.php HTTP/1.1"
    "GET /.env.prod.local HTTP/1.1"
    "GET /.env-example HTTP/1.1"
    "GET /.env HTTP/1.1"
    "GET /hosting.json HTTP/1.1"
    "GET /.gitlab-ci/.env HTTP/1.1"
    "GET /.env.php HTTP/1.1"
    "GET /mailer/.env HTTP/1.1"
    "GET /web/.env HTTP/1.1"
    "GET /.envrc HTTP/1.1"
    "GET /appsettings.Test.json HTTP/1.1"
    "GET /meteor.settings.json HTTP/1.1"
    "GET /env.json HTTP/1.1"
    "GET /config/database.config.php HTTP/1.1"
    "GET /src/config/environment.json HTTP/1.1"
    "GET /crm/.env HTTP/1.1"
    "GET /.env.save HTTP/1.1"
    "GET /config/bootstrap.php HTTP/1.1"
    "GET /application/config/migration.php HTTP/1.1"
    "GET /shared/.env HTTP/1.1"
    "GET /.env.sample HTTP/1.1"
    "GET /config/app.default.php HTTP/1.1"
    "GET /bundleconfig.json HTTP/1.1"
    "GET /private/env.json HTTP/1.1"
    "GET /app/.env HTTP/1.1"
    "GET /appsettings.Local.json HTTP/1.1"
    "GET /Properties/launchSettings.json HTTP/1.1"
    "GET /launchSettings.json HTTP/1.1"
    "GET /config/application.config.php HTTP/1.1"
    "GET /.env.backup HTTP/1.1"
    "GET /.env.prod HTTP/1.1"
    "GET /config/routes.php HTTP/1.1"
    "GET /.env-sample HTTP/1.1"
    "GET /config/env.json HTTP/1.1"
    "GET /local/.env HTTP/1.1"
    "GET /.docker/.env HTTP/1.1"
    "GET /tsconfig.app.json HTTP/1.1"
    "GET /appsettings.json HTTP/1.1"
    "GET /.env.production.local HTTP/1.1"
    "GET /config/development.config.php HTTP/1.1"
    "GET /live_env HTTP/1.1"
    "GET /config/development.json HTTP/1.1"
    "GET /config/environment.json HTTP/1.1"
    "GET /.env.local HTTP/1.1"
    "GET /settings.json HTTP/1.1"
    "GET /.docker/laravel/app/.env HTTP/1.1"
    "GET / HTTP/1.1"
    "GET /api/.env HTTP/1.1"
    "GET /manifest.json HTTP/1.1"
    "GET /private/env.json HTTP/1.1"
    "GET /config.json HTTP/1.1"
    "GET /prod/.env HTTP/1.1"
    "GET /appsettings.Development.json HTTP/1.1"
    "GET /config/production.json HTTP/1.1"
    "GET /appsettings.Production.json HTTP/1.1"
    



  • fariasF
    # grep "^185.85.205.122 " /var/log/apache2/access.*.log  | awk '{print $6 " " $7 " " $8}'
    "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1"
    "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1"
    "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
    "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
    "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1"
    "GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
    "GET /index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1"
    "GET /public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1"
    "GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php HTTP/1.1"
    "GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1"
    "GET /containers/json HTTP/1.1"
    
    

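The request lists posted for 217.154.8.114, 217.154.8.45, 63.177.94.5, 88.214.50.101 and 185.85.205.122 are the same few scanner playbooks replayed from different hosts. The classifier below, an added example (editor's code, not from the posts), decodes each request path and sorts it into the exploit or secret-hunting family it belongs to, then tallies per source IP so that a host touching several families can be handed to the firewall. The request paths are copied from the posts; the source IPs, timestamps and family names are constructed. The CVE numbers in the comments are the public identifiers for those probe patterns, not something derived from these logs.

```python
"""Classify scanner requests from Apache access logs into exploit families
and tally them per source IP.

Added example, not from the original posts. Request paths are those seen in
the posts; IPs (RFC 5737 ranges), timestamps and family names are constructed.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Only the client IP and the request line are needed here.
REQ_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# First match wins, so exploit signatures come before the generic catch-alls.
RULES = [
    ("apache-cgi-traversal",    r"^/cgi-bin/.*\.\./"),                    # CVE-2021-41773 / CVE-2021-42013 pattern
    ("php-cgi-arg-injection",   r"allow_url_include|auto_prepend_file"),  # CVE-2024-4577 pattern (%AD soft hyphen -> "-d")
    ("phpunit-eval-stdin",      r"eval-stdin\.php"),                      # CVE-2017-9841
    ("thinkphp-invokefunction", r"\\+think\\+app/invokefunction"),        # CVE-2018-20062 (Apache logs "\" as "\\")
    ("pearcmd-lfi-to-rce",      r"pearcmd|/tmp/index1"),                  # PEAR pearcmd.php config-create trick
    ("docker-api-probe",        r"^/containers/json"),                    # exposed Docker Engine API
    ("secret-hunting",          r"(^|/)\.env|/env\.(json|backup)|config\.env|/\.aws/credentials|wp-config"
                                r"|appsettings|launchsettings|config\.json|settings\.(json|py)$|\.properties$"
                                r"|aws-secret|aws\.yml|laravel\.log"),
    ("info-disclosure",         r"phpinfo|info\.php|server[-_]info"),
    ("wordpress-probe",         r"wp-admin|wp-content|xmlrpc\.php"),
    ("webshell-probe",          r"\.php(\?|$)"),                          # mah.php, chosen.php, goods.php, tiny.php, ...
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def classify(path):
    """Decode twice (scanners double-encode '..' as %%32%65) and return the first matching family."""
    decoded = unquote(unquote(path))
    for name, rx in COMPILED:
        if rx.search(decoded):
            return name
    return "other"


def tally(log_lines):
    """Return ({ip: Counter(family)}, Counter(family)); non-log lines are skipped, not fatal."""
    per_ip = defaultdict(Counter)
    total = Counter()
    for line in log_lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        family = classify(m.group("path"))
        per_ip[m.group("ip")][family] += 1
        total[family] += 1
    return dict(per_ip), total


def noisy_sources(per_ip, min_families=3):
    """IPs that touched at least min_families distinct families: a 'block this' short-list."""
    return sorted(ip for ip, c in per_ip.items() if len(c) >= min_families)


def _line(ip, method, path):
    # Constructed combined-format line; only the request path is taken from the posts.
    return f'{ip} - - [06/Nov/2025:12:00:00 +0100] "{method} {path} HTTP/1.1" 404 196 "-" "Mozilla/5.0"'


SAMPLE_LOG = [
    _line("203.0.113.10", "POST", "/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh"),
    _line("203.0.113.10", "POST", "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/bin/sh"),
    _line("203.0.113.10", "POST", "/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"),
    _line("203.0.113.10", "GET", "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"),
    _line("203.0.113.10", "GET", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"),
    _line("203.0.113.10", "GET", r"/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello"),
    _line("203.0.113.10", "GET", r"/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php"),
    _line("203.0.113.10", "GET", "/containers/json"),
    _line("198.51.100.20", "GET", "/.env"),
    _line("198.51.100.20", "GET", "/laravel/.env"),
    _line("198.51.100.20", "GET", "/.aws/credentials"),
    _line("198.51.100.20", "GET", "/appsettings.Production.json"),
    _line("198.51.100.20", "GET", "/_profiler/phpinfo"),
    _line("198.51.100.20", "GET", "/wp-config.php.bak"),
    _line("192.0.2.30", "GET", "/mah.php"),
    _line("192.0.2.30", "GET", "/chosen.php"),
    _line("192.0.2.30", "GET", "/goods.php"),
    "this line is not an access-log entry and must be ignored",
]


if __name__ == "__main__":
    per_ip, total = tally(SAMPLE_LOG)
    for ip, families in per_ip.items():
        print(ip, dict(families))
    print("candidates for the firewall:", noisy_sources(per_ip))
```

The ordering of RULES is the whole point: "/wp-config.php.bak" must land in secret-hunting rather than the generic ".php" bucket, and "/index.php?lang=...pearcmd..." in the PEAR family rather than in webshell-probe. Run it over the real files with a zgrep in front and the per-IP counters give you the same "block this host" list the posts build by hand.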
  • F

    I need to look into the problem:

    dracut-install: Failed to find module 'hyperv_keyboard'
    dracut: FAILED:  /usr/lib/dracut/dracut-install -D /var/tmp/dracut.aG9SJk/initramfs -N floppy|nouveau|radeon|amdgpu --kerneldir /lib/modules/5.15.0-313.189.5.2.el8uek.x86_64/ -m xen_netfront xen_blkfront virtio_blk virtio_net virtio_balloon virtio_scsi hyperv_keyboard hv_netvsc hid_hyperv hv_utils hv_storvsc hyperv_fb ahci libahci
    
    $ uname -r
    4.18.0-553.45.1.el8_10.x86_64
    

    To be continued.


  • F

    You need to install mawk:

    yum install mawk
    

    Otherwise you get the error:

    ./config.status: line 1090: mawk: command not found
    

  • fariasF
    # zgrep " 404 " /var/log/apache2/acces*log*gz | grep "php"  | awk '{print $7}' | sort | uniq -c | sort -n | tail -50
         49 /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         49 /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         49 /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         49 /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
         50 /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
         50 /lib/phpunit/src/Util/PHP/eval-stdin.php
         50 /lib/phpunit/Util/PHP/eval-stdin.php
         50 /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         50 /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         50 /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         50 /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         50 /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         50 /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         50 /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         51 /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         51 /lock360.php
         51 /php_info.php
         51 /phpunit/Util/PHP/eval-stdin.php
         52 /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         52 /phpunit/phpunit/src/Util/PHP/eval-stdin.php
         52 /phpunit/phpunit/Util/PHP/eval-stdin.php
         52 /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         52 /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         52 /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         53 /phpunit/src/Util/PHP/eval-stdin.php
         53 /vendor/phpunit/phpunit/LICENSE/eval-stdin.php
         54 /php.php
         55 /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         55 /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
         55 /vendor/phpunit/src/Util/PHP/eval-stdin.php
         55 /vendor/phpunit/Util/PHP/eval-stdin.php
         56 /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         56 /wp-config.php
         58 /wp-admin/admin-ajax.php
         59 /gmo.php
         61 /config.php
         62 /robots.txt
         62 //xmlrpc.php?rsd
         64 /i.php
         65 /1.php
         69 /app_dev.php/_profiler/phpinfo
         81 /test.php
         84 /wp-content/plugins/hellopress/wp_filemanager.php
         94 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
         95 /phpinfo
        133 /admin/config.php
        145 /phpinfo.php
        151 /_profiler/phpinfo
        159 /info.php
        224 /status.php
    

  • fariasF
    # grep "^91.233.43.252 " /var/log/apache2/access.*.log  | awk '{print $6 " " $7 " " $8}'
    "GET /mah.php HTTP/1.1"
    "GET /chosen.php HTTP/1.1"
    "GET /goods.php HTTP/1.1"
    "GET /mah.php HTTP/1.1"
    "GET /chosen.php HTTP/1.1"
    "GET /goods.php HTTP/1.1"